Lucene search
K

29 matches found

Microsoft CVE
Microsoft CVE
added 2026/06/30 8:1 a.m.7 views

attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr

...

8.4CVSS5.8AI score0.00136EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.21 views

Linux Distros Unpatched Vulnerability : CVE-2026-54371

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges b...

8.4CVSS6.1AI score0.00136EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/29 2:21 p.m.8 views

Symlink Attack

Overview libattr is a None Affected versions of this package are vulnerable to Symlink Attack. via the getfattr or setfattr process. An attacker can gain elevated privileges by substituting a symbolic link for a pathname component during directory traversal, causing operations to be redirected to...

8.4CVSS5.9AI score0.00136EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 2:16 p.m.8 views

CVE-2026-54371

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...

8.4CVSS0.00136EPSS
Exploits0References7
OSV
OSV
added 2026/06/29 2:16 p.m.4 views

UBUNTU-CVE-2026-54371

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...

8.4CVSS5.9AI score0.00136EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/29 1:12 p.m.9 views

CVE-2026-54371

A flaw was found in the attr package. This vulnerability allows a local attacker to perform a symlink traversal attack by replacing a pathname component with a symbolic link - either during directory hierarchy traversal by getfattr or during backup restoration by setfattr, which reads and resolve...

8.4CVSS5.7AI score0.00136EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/29 12:39 p.m.41 views

CVE-2026-54371 attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...

8.4CVSS0.00136EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:39 p.m.6 views

CVE-2026-54371

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...

8.4CVSS5.9AI score0.00136EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/29 12:39 p.m.6 views

CVE-2026-54371 attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...

8.4CVSS5.9AI score0.00136EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/29 12:39 p.m.7 views

EUVD-2026-40087

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...

8.4CVSS5.9AI score0.00136EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 12:39 p.m.40 views

CVE-2026-54371

The CVE affects the attr utilities (getfattr/setfattr) with versions before 2.6.0. Root cause is a symlink traversal during directory hierarchy traversal, enabling local privilege escalation when a privileged process uses getfattr/setfattr on attacker-controlled paths. The documents do not provid...

8.4CVSS5.9AI score0.00136EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/06/29 12:39 p.m.8 views

CVE-2026-54371

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...

8.4CVSS5.9AI score0.00136EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.12 views

PT-2026-53274

Name of the Vulnerable Software and Affected Versions attr versions prior to 2.6.0 Description A flaw in the attr component, specifically within the getfattr and setfattr utilities, allows a local attacker to perform a symlink traversal attack. By replacing a pathname component with a symbolic li...

8.4CVSS6AI score0.00136EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2006-0085

Malware in sbrugna...

2.1CVSS6.4AI score0.00395EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.4 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-387890)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-387890 advisory. In the Linux kernel, the following vulnerability has been resolved: nfs: Fix KMSAN warning in decodegetfattrattrs Fix the following KMSAN warning: CPU: 1 UID: 0 PID:...

5.5CVSS6.1AI score0.00253EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2025/09/18 1:34 p.m.4 views

Security update for busybox, busybox-links

This update for busybox, busybox-links fixes the following issues: Updated to version 1.37.0 jscPED-13039: CVE-2023-42363: Fixed use-after-free vulnerability in xasprintf function in xfuncsprintf.c bsc1217580 CVE-2023-42364: Fixed use-after-free in the awk.c evaluate function bsc1217584...

5.5CVSS7.2AI score0.00433EPSS
Exploits3References32
SUSE Linux
SUSE Linux
added 2025/09/12 3:57 p.m.4 views

Security update for busybox, busybox-links

This update for busybox, busybox-links fixes the following issues: Updated to version 1.37.0 jscPED-13039: - CVE-2023-42363: Fixed use-after-free vulnerability in xasprintf function in xfuncsprintf.c bsc1217580 - CVE-2023-42364: Fixed use-after-free in the awk.c evaluate function bsc1217584 -...

5.5CVSS7.2AI score0.00433EPSS
Exploits3References30
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.6 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: nfs: Fixed the KMSAN warning in decodegetfattr attrs. Fixed the following KMSAN warnings: CPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B Tainted: B=BADPAGE Hardware name: QEMU Standard PC Q35 + ICH9, 2009...

5.5CVSS6.4AI score0.00253EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2024/12/12 8:0 a.m.7 views

nfs: Fix KMSAN warning in decode_getfattr_attrs()

...

5.5CVSS6.7AI score0.00253EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2024/11/20 3:48 a.m.5 views

SUSE CVE-2024-53066

In the Linux kernel, the following vulnerability has been resolved: nfs: Fix KMSAN warning in decodegetfattrattrs Fix the following KMSAN warning: CPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B Tainted: B=BADPAGE Hardware name: QEMU Standard PC Q35 + ICH9, 2009...

5.5CVSS6.4AI score0.00253EPSS
Exploits0References18
Rows per page
Query Builder